zlacker

[parent] [thread] 2 comments
1. eqvino+(OP)[view] [source] 2026-01-13 10:24:35
Uh, you know you can scan UDP ports just fine, right? Hosts reply with an ICMP destination unreachable / port unreachable (3/3 in IPv4, 1/4 in IPv6) if the port is closed. Discarding packets won't send that ICMP error.

It's slow to scan due to ICMP ratelimiting, but you can parallelize.

(Sure, you can disable / firewall drop that ICMP error… but then you can do the same thing with TCP RSTs.)

replies(1): >>apstls+mw2
2. apstls+mw2[view] [source] 2026-01-13 22:03:04
>>eqvino+(OP)
That's why you discard ICMP errors.
replies(1): >>eqvino+8t3
3. eqvino+8t3[view] [source] [discussion] 2026-01-14 05:09:16
>>apstls+mw2
If anything, that's why you discard ICMP port unreachable, which I assume you meant.

If you're blanket dropping all ICMP errors, you're breaking PMTUD. There's a special place reserved in hell for that.

(And if you're firewalling your ICMP, why aren't you firewalling TCP?)
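An added example (not from any poster in this thread) of the distinction the last reply draws: parse an ICMPv4 error, check its checksum, read the quoted UDP destination port, and drop only destination unreachable / port unreachable (3/3), while other type 3 codes such as fragmentation needed (3/4) pass so PMTUD keeps working. The addresses (TEST-NET-1) and port 161 are constructed sample values; IPv4 only.

```python
import struct

PORT_UNREACHABLE = (3, 3)   # the only ICMPv4 error a UDP "closed port" probe needs

def icmp_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum; returns 0 when run over a valid message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_quoted_udp(dst_port: int) -> bytes:
    """Constructed IPv4 + UDP header, as a host quotes the offending datagram
    back inside the error. Addresses are TEST-NET-1 placeholders."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 20]))
    return ip + struct.pack("!HHHH", 40000, dst_port, 8, 0)

def build_icmpv4_error(icmp_type: int, code: int, quoted: bytes) -> bytes:
    """Constructed ICMPv4 error: 8-byte header (checksum filled in) + quoted datagram."""
    body = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return struct.pack("!BBHI", icmp_type, code, icmp_checksum(body), 0) + quoted

def classify_icmpv4(msg: bytes) -> dict:
    """Parse an ICMPv4 message and return the filter verdict for it."""
    icmp_type, code = msg[0], msg[1]
    result = {"type": icmp_type, "code": code,
              "checksum_ok": icmp_checksum(msg) == 0}
    if icmp_type == 3 and len(msg) >= 8 + 20:
        quoted = msg[8:]
        ihl = (quoted[0] & 0x0F) * 4                        # inner IP header length
        if quoted[9] == 17 and len(quoted) >= ihl + 4:      # inner protocol is UDP
            _, result["quoted_udp_dst_port"] = struct.unpack("!HH", quoted[ihl:ihl + 4])
    if not result["checksum_ok"]:
        result["verdict"] = "drop"      # corrupt or forged: never act on it
    elif (icmp_type, code) == PORT_UNREACHABLE:
        result["verdict"] = "drop"      # hides closed UDP ports from probes
    else:
        result["verdict"] = "accept"    # 3/4 fragmentation needed etc. stay: PMTUD keeps working
    return result

if __name__ == "__main__":
    for code in (3, 4):
        print(classify_icmpv4(build_icmpv4_error(3, code, build_quoted_udp(161))))
```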
